1. Field of the Invention
This application relates to the field of computer data storage and more particularly to the field of controlling system call access to data storage devices.
2. Description of Related Art
Host systems may store and retrieve data using a data storage device containing a plurality of host interface units (ports) that communicate with and store and retrieve data on internal storage facilities provided within the data storage device. Such data storage devices are provided, for example, by EMC Corporation of Hopkinton, Massachusetts and disclosed in U.S. Pat. No. 5,206,939 to Yanai et al., U.S. Pat. No. 5,778,394 to Galtzur et al., U.S. Pat. No. 5,845,147 to Vishlitzky et al., and U.S. Pat. No. 5,857,208 to Ofek.
The host systems may be assigned access to specific portions of the internal storage facilities, where that access may include reading and writing data and "system calls" that cause the data storage device to execute administrative-like operations (e.g., automatic mirroring, copying, back up). The system calls may not directly read and write data. However, even so, system calls could cause one of the host systems to indirectly access data allocated to another one of the host systems. In addition, remote system calls may be issued to a storage device through a remote storage device (e.g., in a disaster recovery situation) or through a fabric port.
The use of system calls to provide one host system such indirect access to memory allocated to another host system may not be problematic if all of the host systems and the storage device are controlled by a single entity (i.e., are all owned and operated by a single company) that is capable of coordinating access among different groups within the entity. However, in instances where not all of the host systems are controlled by a single entity (e.g., in instances where a plurality of different smaller companies share use of a single data storage device) and in instances where different groups of the same entity access the host systems in an uncoordinated manner, it may be undesirable to allow such indirect access of internal storage facilities using system calls, especially in instances where the data storage device contains sensitive data of one or more of the entities and/or groups within a single entity. Furthermore, in configurations where a storage device is coupled to additional storage devices to provide backup services therefor, it may be undesirable to allow unintended access to data via system calls.
According to the present invention, controlling a storage device includes defining at least one group that access the storage device, defining at least one pool of devices of the storage device, defining a plurality of access types, and, for the at least one group, determining access rights with respect to the at least one pool for at least one of the access types. The access types may include system calls. The at least one group and the at least one pool may include logical or physical units. The at least one pool may include communication ports of the storage device. The access rights may indicate whether system calls are allowed on the communication ports.
According further to the present invention, restricting access to a storage device includes coupling each of a plurality of host systems to the storage device by one of a plurality of ports provided for the storage device and selectively determining, for each of the ports, whether system calls are allowed, where, for the ports in which system calls are not allowed, a system call by the host systems coupled thereto causes the storage device to indicate that the system call was not performed. Restricting access may also include providing a mechanism that controls whether the ports can accept system calls. Providing a mechanism may include providing an external control device coupled to the storage device. The external control device may act like a dumb terminal sending characters to and receiving characters from the storage device.
Restricting access may also include providing an override mechanism that allows system calls on ports that otherwise do not allow system calls. The override mechanism may also block system calls on ports that otherwise allow system calls. Restricting access may also include resetting the override mechanism after a predetermined amount of time has passed since the mechanism had been set. The predetermined amount of time may be thirty minutes. Restricting access may also include providing an external control device that facilitates setting of the override mechanism. Providing the external control device may include providing a dumb terminal that sends characters to and receives characters from the storage device.
According further to the present invention, a port of a storage device includes means for receiving data provided to the storage device, means for sending data from the storage device, and means for inhibiting system calls provided to the port, where the system calls include requests for administrative operations for the storage device that do not send or receive data.
According further to the present invention, computer software for controlling a port on a storage device includes means for communicating with the storage device and control means, coupled to the means for communicating, for providing commands to the storage device that cause the port to not accept system commands provided thereto, wherein the system commands include requests for administrative operations by the storage device.
According further to the present invention, an apparatus for controlling a port on a storage device includes a port driver coupled to the port to handle data communication with the storage device and a security module, coupled to the port driver to control data communicated by the port driver based on a security configuration data element and an override indicator data element. The apparatus may also include a security configuration control module, coupled to the security configuration data element to control a state thereof. The apparatus may also include a disk configuration data element, coupled to the security configuration control module, where the security configuration control module controls the state of the security configuration data element according to a state of the disk configuration data element. The apparatus may also include an external interface module, coupled to the disk configuration data element to control the state thereof, where the external interface module receives command data provided to the storage device. The external interface module may be coupled to the override indicator data element to control a state thereof. The apparatus may also include a counter module, coupled to the override indicator data element to control the state thereof according to an amount of time that has passed.
According further to the present invention, determining whether to perform a system command received at a port of a storage device includes determining if an open override is set, determining if port control data exists, determining if port control data indicates that system calls are allowed, and performing a system call in response to at least one of: port control data indicating that system calls are allowed, an open override being set, and port control data not existing. Determining whether to perform a system command may also include determining if a close override is set and rejecting a system call in response to at least one of: a close override being set and port control data indicating that system calls are not allowed.
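The following Python model is an added illustration of the decision procedure just described together with the override mechanism and its time-based reset; it is not code from the patent or from EMC. It assumes a per-port security configuration data element that maps a port name to a "system calls allowed" flag (a port absent from the map has no port control data), a single override indicator that is either unset, open or close, and a counter that clears the override once the thirty-minute period named above has elapsed. Port names and requests are constructed sample values.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Optional

# Predetermined reset period for the override mechanism (thirty minutes).
OVERRIDE_TIMEOUT_SECONDS = 30 * 60


class Override(Enum):
    NONE = "none"
    OPEN = "open"    # allow system calls on ports that otherwise refuse them
    CLOSE = "close"  # block system calls on ports that otherwise allow them


@dataclass
class OverrideIndicator:
    """Override indicator data element plus the counter that expires it."""
    state: Override = Override.NONE
    set_at: Optional[float] = None  # time (seconds) at which the override was set

    def set(self, state: Override, now: float) -> None:
        self.state = state
        self.set_at = now

    def effective(self, now: float) -> Override:
        # Counter module: once the timeout has passed since the override was set,
        # it reverts to NONE regardless of whether it was open or close.
        if self.state is not Override.NONE and self.set_at is not None \
                and now - self.set_at >= OVERRIDE_TIMEOUT_SECONDS:
            self.state = Override.NONE
            self.set_at = None
        return self.state


@dataclass
class SecurityModule:
    # Security configuration data element: port name -> system calls allowed.
    # A port with no entry has no port control data (hypothetical layout).
    port_control: Dict[str, bool] = field(default_factory=dict)
    override: OverrideIndicator = field(default_factory=OverrideIndicator)

    def system_call_allowed(self, port: str, now: float) -> bool:
        ov = self.override.effective(now)
        if ov is Override.OPEN:        # open override set -> perform
            return True
        if ov is Override.CLOSE:       # close override set -> reject
            return False
        if port not in self.port_control:  # no port control data -> perform
            return True
        return self.port_control[port]     # port control data decides


@dataclass
class Request:
    port: str
    is_system_call: bool
    operation: str


def handle(sec: SecurityModule, req: Request, now: float) -> str:
    """Port driver path: data I/O is passed through unconditionally; system
    calls are consulted against the security module and, when refused, the
    device reports that the call was not performed."""
    if not req.is_system_call:
        return "DATA_OK"
    if sec.system_call_allowed(req.port, now):
        return "SYSCALL_PERFORMED"
    return "SYSCALL_NOT_PERFORMED"


def demo() -> List[str]:
    # Constructed configuration: port_a refuses system calls, port_b allows
    # them, port_z has no port control data at all.
    sec = SecurityModule(port_control={"port_a": False, "port_b": True})
    t0 = 0.0
    out = []
    out.append(handle(sec, Request("port_a", False, "read"), t0))
    out.append(handle(sec, Request("port_a", True, "mirror"), t0))
    out.append(handle(sec, Request("port_b", True, "copy"), t0))
    out.append(handle(sec, Request("port_z", True, "copy"), t0))
    # Open override lets port_a accept a system call until the counter resets it.
    sec.override.set(Override.OPEN, t0)
    out.append(handle(sec, Request("port_a", True, "mirror"), t0 + 60))
    out.append(handle(sec, Request("port_a", True, "mirror"), t0 + OVERRIDE_TIMEOUT_SECONDS))
    # Close override blocks even the port that normally allows system calls.
    sec.override.set(Override.CLOSE, t0 + 2000)
    out.append(handle(sec, Request("port_b", True, "copy"), t0 + 2001))
    return out


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Modelling the open and close overrides as a single three-valued indicator avoids the ambiguous case of both being set at once; the counter then reverts whichever one is active, so an operator who opens a port for maintenance cannot leave it open indefinitely by forgetting to close it.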